Change log for PING
Date | Changes |
---|---|
2024-11-27 | Enhancement:
- Mapped "details.device.id" to "principal.asset.asset_id" - Mapped "externalId","estimatedDistance","lastSeen","externalLastSeen" and "os_name_label" to "additional.fields" |
2024-11-07 | Enhancement:
- Added mappings for the following fields: "riskEvent", "riskDetails", "riskResult", and "riskEvaluation". |
2024-07-29 | Enhancement:
- Added support for a new pattern of JSON logs. |
2024-06-17 | Enhancement:
- Added support to handle unparsed SYSLOG + KV logs. |
2023-12-07 | Bugfix:
- Mapped "actors.client.type" to "principal.user.attribute.roles". - Mapped "actors.client.name" to "principal.user.user_display_name". - Mapped "actors.client.id" to "principal.user.userid". - Mapped "actors.client.href" to "principal.url". - Mapped "source.userAgent" to "network.http.user_agent". - Mapped "source.ipAddress" to "principal.ip". - Mapped "resources.href" to "target.url". |
2023-04-06 | Enhancement:
- Parsed logs ingested in JSON format. - Added new Grok pattern to handle failing SYSLOG+JSON logs because of change in date format. - Mapped 'result.message.Country' to 'principal.location.country_or_region'. - Modified mapping for 'resource.status' from 'security_result.about.labels' to 'security_result.about.resource.attribute.labels'. |
2022-08-04 | Enhancement:
- Mapped user_id to principal.user.userid. - wrote grok to extract user_id. |
2022-07-21 | Enhancement:
- Added a new grok pattren for logs with product_event_type DEBUG. - Mapped description to metadata.description. - Mapped product_event_type to metadata.product_event_type. - Mapped src_host to principal.hostname. - Mapped src_port to principal.port. - Mapped userid to principal.user.userid. - Mapped sr_description to security_result.description. - Mapped sr_summary to security_result.summary. - Mapped event_type to USER_UNCATEGORIZED where userid not null. |
2022-07-08 | Enhancement:
- Modified mapping for "actor.type" from "principal.user.role_name" to "principal.user.attribute.roles". |